Welcome to Sara Simmonds’ Privacy and Cookies Policy (Policy).

We respect your privacy and are committed to protecting your personal data. This Policy will inform you as to how we look after your personal data when you visit and use our e-commerce website and tell you about your privacy rights and how the law protects you. References to “we”, “us”, or “our” in this Policy mean Sara Simmonds. 

We ask that you read this Policy carefully.

This Policy is divided into the following sections:

Section 1: Privacy Policy
  • Who we are, purpose of this privacy policy, and our processing role
  • Contact details:
  • Our collection and use of your personal data
  • How we use your personal data and our lawful basis
  • Transfers of your personal data out of the UK and EEA
  • Marketing
  • Your rights
  • Keeping your personal data secure
  • How to complain
  • Changes to this Policy
Section 2: Cookies Policy

SECTION 1: PRIVACY POLICY

Who we are, the purpose of this Policy, and our processing role: 

Sara Simmonds Holdings LTD provides product innovation consultancy and mentoring services via its website www.sarasimmonds.com (hereafter, the Website and through other channels offline). For more information see: https://www.sarasimmonds.com/about-me
As such, we collect and use the personal data of three categories of data subjects: 
  1. Visitors to our Website; 
  2. Our clients; and 
  3. Employees and authorized representatives of clients where applicable. 
Our Website is not intended for use by children, and we do not knowingly collect data relating to children. If you are under the age of 18, you must not use our Website.

We collect, use and are responsible for certain personal data about you. When we do so we are regulated under the UK GDPR (consisting of the UK Data Protection Act 2018, as amended and updated in light of the UK’s departure from the European Union) and the EU GDPR (the General Data Protection Regulation (EU) 2016/79, as amended from time to time), as applicable based on your location in the United Kingdom or the European Union,  and we are responsible as ‘controller’ of that personal data for the purposes of those laws.

Throughout the Website, we may link to other websites owned and operated by certain trusted third parties to make additional services and services available to you, or provide external services. These other third party websites may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to these other third party websites, please consult their privacy policies as appropriate.

Contact details:

If you have any questions about this Policy or our privacy or tracking practices, please contact us using the following details:

Full Name of Legal Entity: Sara Simmonds Holdings Limited Limited t/a Sara Simmonds 

Email Address: [email protected] 

Postal Address: 43a Kings Gardens, West End Lane, London, England, NW6 4PX.

You have the right to make a complaint at any time to your local supervisory authority. If you are based in the United Kingdom, then this will be the Information Commissioner’s Office (the ICO), who is the UK regulator for data protection issues. For more information, please visit www.ico.org.uk

If you are based in the European Union, please consult the following website to find out the details of your local supervisory authority, https://edpb.europa.eu/about-edpb/board/members_en

We would, however, appreciate the chance to respond to your query and deal with your concerns before you approach a supervisory authority. 

Our collection and use of your personal data:

We collect personal data about you when you access our Website, create an account with us, purchase services via our Website or otherwise, contact us, send us feedback, post material to our Website and complete client surveys or participate in competitions via our Website.

We collect this personal data from you either directly, such as when you visit our Website, such as your browsing activity while on our Website (see Section 2 - Cookies Policy below for more information on the cookies we use).

The personal data we collect about you depends on the particular activities carried out through our Website or through your engagement with us for services. 

If you are a client, we collect the following personal data: 
  • your name and email address;
  • your role with the client company;
  • details of correspondence via phone, email, post or via communication facilities on the Website;
  • your account details, such as username, login details;
  • IP address, login data, browser type and version, operating system and platform, and device data; and 
  • usage data on how you use our Website and our services.
If you are a visitor to the Website, but do not have an account or have not purchased any services via the Website, we only collect the following personal data about you:
  • IP address, login data, browser type and version, operating system and platform, and device data; 
  • usage data on how you use our Website, and services; and 
  • your preferences in receiving marketing from us. 
We use this personal data to:
  • create and manage your account with us; 
  • verify your identity;
  • provide our Website services to you;
  • customize our Website and its content to your particular preferences and requirements;
  • notify you of any changes to our Website or to our services that may affect you; and
  • improve our services.
We also collect, use, and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific Website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Policy.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

How we use your personal data and our lawful basis for processing your personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
  • If you are a client or prospective client, we will process your personal data to perform the contract we are about to enter into or have entered into with you or your company; 
  • Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests; or
  • Where we need to comply with a legal obligation.
When we process your personal data, we are required to have a lawful basis for doing so. There are various different lawful bases on which we may rely, depending on what personal data we process and why.

Please see the below for more information on the lawful basis that we may rely on:
  • consent: where you have given us clear consent for us to process your personal data for a specific purpose
  • contract: where our use of your personal data is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
  • legal obligation: where our use of your personal data is necessary for us to comply with the law (not including contractual obligations)
  • legitimate interests: where our use of your personal data is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal data which overrides our legitimate interests)
Further information—the personal data we collect, when and how we use it

For further details on when we collect personal data, the type of data we collect as well as the lawful basis we rely on, please read the following table:
Purpose for processing your personal data
Type of data
Lawful basis for processing including basis of legitimate interest
To create an account for you as a client on the Website 
(a) Identity(b) Contact
Performance of a contract with you
To process and deliver your order including:(a) Manage payments, fees and charges(b) Collect and recover money owed to us
(a) Identity(b) Contact(c) Financial(d) Transaction(e) Marketing and Communications
(a) Performance of a contract with you(b) Necessary for our legitimate interests (to recover debts due to us and to our contractors)
To manage our relationship with you which will include:(a) Notifying you about changes to any terms applicable to you(b) Asking you to leave a review or take a survey
(a) Identity(b) Contact(c) Profile(d) Marketing and Communications
(a) Performance of a contract with you(b) Necessary to comply with a legal obligation(c) Necessary for our legitimate interests (to keep our records updated and to study how clients use our services/services)
To enable you to partake in a prize draw, competition or complete a survey
(a) Identity(b) Contact(c) Profile(d) Usage(e) Marketing and Communications
(a) Performance of a contract with you(b) Necessary for our legitimate interests (to study how clients use our services/services, to develop them and grow our business)
To administer and protect our business and the Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
(a) Identity(b) Contact(c) Technical
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)(b) Necessary to comply with a legal obligation
To deliver relevant Website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
(a) Identity(b) Contact(c) Profile(d) Usage(e) Marketing and Communications(f) Technical
Necessary for our legitimate interests (to study how clients use our services/services, to develop them, to grow our business and to inform our marketing strategy as well as the business interests and marketing strategy of resellers registered to buy services from the Website)
To use data analytics to improve our Website, services/services, marketing, client relationships and experiences
(a) Technical(b) Usage
Necessary for our legitimate interests (to define types of clients for our services and services, to keep our Website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you
(a) Identity(b) Contact(c) Technical(d) Usage(e) Profile(f) Marketing and Communications
Necessary for our legitimate interests (to develop our services/services and grow our business)

Who we share your personal data with

If you are a client, we may share your personal data such as identity, contact and transactional data with us and our payments provider partner, Stripe. For more information on how Stripe processes your personal data, please see the Stripe Privacy Policy

We may also share your data with Google when storing and processing the personal details of client representatives. For more information on how Google processes your personal data, please see the Google Privacy Policy
Some of these third-party recipients may be based outside the United Kingdom and European Economic Area — for further information including on how we safeguard your personal data when this occurs, see ‘Transfer of your information out of the UK and EEA’ below.

We will share personal data with law enforcement or other authorities if required by applicable law.

Where we do share your data with third parties, we will always ensure that such third parties are bound by a contract setting out how they are authorized to process data on our behalf and which contains provisions regarding data security and confidentiality, as required by applicable privacy laws.

Transfer of your personal data out of the UK and EEA

We may transfer your personal data to the following which are located outside the United Kingdom (UK) and European Economic Area (EEA). Where we transfer your personal data outside of the UK and the EEA, we will only do so for the purposes mentioned in this Policy and any contract that we have entered into with you or the entity that you are representing.

Countries outside of the UK and the EEA do not have the same data protection laws as the UK and EEA. Therefore, when making such a transfer of data, we will always rely on a safeguard mechanism under the UK GDPR and/or the EU GDPR. We will only transfer your personal data to a country which the European Commission or the UK authorities have given a formal adequacy decision/regulation that confirms this third-country provides an adequate level of data protection similar to those which apply in the UK and EEA. If the third-country does not have an adequacy decision awarded to it, any transfer of your personal information will be subject to entering into the European Commission’s Standard Contractual Clauses (the SCCs) which are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal data. 

Transfers of personal data from the UK to the EEA shall be done on the basis of the adequacy decision awarded by the European Union to the UK pursuant to the withdrawal of the UK from the European Union in June 2021.

If you would like further information please contact us using the details provided at the start of this Policy.  

We will not otherwise transfer your personal data outside of the UK and the EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.

Marketing

We would like to send you information about the Website, our services, the services on sale and any special offers, which may be of interest to you. Where we have your consent or it is in our legitimate interests to do so, we may do this by post, email, telephone, text message (SMS) or automated call.

We will ask whether you would like us to send you marketing messages when you provide consent to such marketing, or where you have purchased services from us.  

If you have previously agreed to being contacted in this way, you can unsubscribe at any time by:
—contacting us using the detail provided at the beginning of this Policy; or
—using the ‘unsubscribe’ link in emails.

Your rights

Under the UK GDPR and the EU GDPR, you have a number of important rights free of charge. In summary, those include rights to:
  • fair processing of information and transparency over how we use your use personal data
  • access to your personal data and to certain other supplementary information that this Policy is already designed to address
  • require us to correct any mistakes in your personal data which we hold
  • require the erasure of personal data concerning you in certain situations
  • receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
  • object at any time to processing of personal data concerning you for direct marketing
  • object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
  • object in certain other situations to our continued processing of your personal data
  • otherwise, restrict our processing of your personal data in certain circumstances
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please email or write to us using the details provided at the beginning of this Policy.

We will require information from you to allow us to identify you. We will endeavour to respond to all requests with 30 days of receipt. 

Keeping your personal data secure

We have appropriate security measures in place to prevent personal data from being accidentally lost, or used, or accessed in an unauthorized way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Changes to this Policy

This Policy was last updated on 24/03/2022.

We may change this Policy from time to time, when we do, we will update this Policy on the Website. It is your responsibility to ensure you are always up to date of the latest policy in force.